﻿using IdentityServer4.Models;
using IdentityServer4.Test;
using System.Collections.Generic;
using System.Security.Claims;

namespace AuthorizationServer
{
  public static class IdentityServerConfig
  {
    /// <summary>
    /// Gets the clients.
    /// </summary>
    public static ICollection<Client> GetClients()
    {
      var clients = new List<Client>();
      var client = new Client
      {
        // 客户端id 用于标识客户端
        ClientId = "clientid",
        // 客户端秘密 验证客户端是否为真实的客户端
        ClientSecrets = new List<Secret> {
          new Secret("secret".Sha256())
        },
        // 允许客户端访问的范围
        AllowedScopes = new List<string> { "api1" },
        // 设置客户端授权模式
        AllowedGrantTypes = GrantTypes.ClientCredentials
      };

      var roclient = new Client
      {
        // 客户端id 用于标识客户端
        ClientId = "roclient",
        // 客户端秘密 验证客户端是否为真实的客户端
        ClientSecrets = new List<Secret> {
          new Secret("secret".Sha256())
        },
        // 允许客户端访问的范围
        AllowedScopes = new List<string> { "api2" },
        // 设置客户端授权模式
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword
      };
      clients.Add(client);
      clients.Add(roclient);
      return clients;
    }

    /// <summary>
    /// Gets the apis.
    /// </summary>
    public static ICollection<ApiResource> GetApis()
    {
      return new List<ApiResource> {
         new ApiResource{
            Scopes = new List<Scope>{
              // scope 范围
               new Scope{  }
            }
         },
         new ApiResource("api1","IdentityServer4 客户端授权模式测试用API"),
         new ApiResource("api2","IdentityServer4 资源所有者密码授权模式测试用API",
         new List<string>{
           "company",
           "role"
         })
      };
    }

    // 定义用户
    public static List<TestUser> GetUsers()
    {
      // [IdentityServer4实战 - 基于角色的权限控制及Claim详解] (https://www.cnblogs.com/stulzq/p/8726002.html)
      return new List<TestUser>
      {
        new TestUser{
           Username = "jiangy",
           Password = "1",
           // 区分client调用还是用户调用？
           SubjectId ="roclient_sub_jiangy",
           IsActive = true,
           Claims = new List<Claim>{
              new Claim("sex","男"),
              new Claim("company","重庆分公司"),
              new Claim("role","项目总监")
           }
        }
      };
    }

  }
}
